Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move auth token to HTTPOnly Cookies #38

Open
porcej opened this issue May 1, 2023 · 0 comments
Open

Move auth token to HTTPOnly Cookies #38

porcej opened this issue May 1, 2023 · 0 comments
Assignees
@porcej
Labels
enhancement New feature or request

Comments

@porcej
Copy link
Owner

porcej commented May 1, 2023

Currently, the auth token for the admin page is handled by client side javascript. This leads to the possibility of (maliciously) injected client side code gaining access to the token. A better approach would be to generate httponly cookies that can't be accessed directly by client side code.
@porcej porcej added the enhancement New feature or request label May 1, 2023
@porcej porcej self-assigned this May 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@porcej porcej

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@porcej